NginxHttpRealIpModule
Contents |
Synopsis
This module allows to change the client's IP address to value from request header (e. g. X-Real-IP or X-Forwarded-For).
It is useful if nginx works behind some proxy of L7 load balancer, and the request comes from a local IP, but proxy add request header with client's IP.
This module isn't built by default, enable it with the configure option
--with-http_realip_module
User Note: "You will build a list of trusted proxies (see below) and the first IP in the header which is not trusted will be used as the client IP." Source: README of the Apache module mod_extract . Quite informative, about why and how this security feature is helpful.
Example:
set_real_ip_from 192.168.1.0/24; set_real_ip_from 192.168.2.1; real_ip_header X-Real-IP;
Directives
set_real_ip_from
syntax: set_real_ip_from [the address|CIDR]
default: none
context: http, server, location
This directive describes the trusted addresses, which transfer accurate address for the replacement.
real_ip_header
syntax: real_ip_header [X-Real-IP|X-Forwarded-For]
default: real_ip_header X-Real-IP
context: http, server, location
This directive sets the name of the header used for transferring the replacement IP address.












